This site is deprecated. Please
CLICK HERE for latest updates
Short Name |
HTTP:STC:ADOBE:READER-FONT-OF
|
Severity |
Major
|
Recommended |
No
|
Recommended Action |
Drop
|
Category |
HTTP
|
Keywords |
Adobe Reader Font Parsing Integer Overflow
|
Release Date |
2010/09/28
|
Update Number |
1780
|
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+
|
HTTP: Adobe Reader Font Parsing Integer Overflow
This signature detects attempts to exploit a known code execution vulnerability in Adobe Reader and Adobe Acrobat. It is due to an integer overflow error within the CoolType.dll module when handling a PDF document embedding a TrueType Font(TTF) with a crafted maxCompositePoints field in a maxp table. Remote attackers can exploit this by enticing target users to open a malicious PDF document. Successful exploitation can result in arbitrary code execution in the context of the logged on user.
Extended Description
Adobe Acrobat and Reader are prone to a remote code-execution vulnerability.
An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.
The following products are affected:
Adobe Reader 9.3.3 and prior
Adobe Acrobat 9.3.3 and prior
Adobe Reader 8.2.3 and prior
Acrobat 8.2.3 and prior
Affected Products
- Adobe acrobat 8.1.5
- Adobe acrobat 8.2.2
- Adobe acrobat 8.2.3
- Adobe acrobat 9.1.1
- Adobe acrobat 9.2
- Adobe acrobat 9.3
- Adobe acrobat 9.3.1
- Adobe acrobat 9.3.2
- Adobe acrobat 9.3.3
- Adobe acrobat_professional 8.0
- Adobe acrobat_professional 8.1
- Adobe acrobat_professional 8.1.1
- Adobe acrobat_professional 8.1.2
- Adobe acrobat_professional 8.1.2 Security Update 1
- Adobe acrobat_professional 8.1.3
- Adobe acrobat_professional 8.1.4
- Adobe acrobat_professional 8.1.6
- Adobe acrobat_professional 8.1.7
- Adobe acrobat_professional 8.2
- Adobe acrobat_professional 8.2.1
- Adobe acrobat_professional 8.2.2
- Adobe acrobat_professional 9
- Adobe acrobat_professional 9.1
- Adobe acrobat_professional 9.1.2
- Adobe acrobat_professional 9.1.3
- Adobe acrobat_professional 9.2
- Adobe acrobat_professional 9.3
- Adobe acrobat_professional 9.3.1
- Adobe acrobat_professional 9.3.2
- Adobe acrobat_professional 9.3.3
- Adobe acrobat_reader_(for_linux) 9.1.1
- Adobe acrobat_standard 8.0
- Adobe acrobat_standard 8.1
- Adobe acrobat_standard 8.1.1
- Adobe acrobat_standard 8.1.2
- Adobe acrobat_standard 8.1.3
- Adobe acrobat_standard 8.1.4
- Adobe acrobat_standard 8.1.6
- Adobe acrobat_standard 8.1.7
- Adobe acrobat_standard 8.2
- Adobe acrobat_standard 8.2.1
- Adobe acrobat_standard 8.2.2
- Adobe acrobat_standard 9
- Adobe acrobat_standard 9.1
- Adobe acrobat_standard 9.1.2
- Adobe acrobat_standard 9.1.3
- Adobe acrobat_standard 9.2
- Adobe acrobat_standard 9.3
- Adobe acrobat_standard 9.3.1
- Adobe acrobat_standard 9.3.2
- Adobe acrobat_standard 9.3.3
- Adobe reader 8.0
- Adobe reader 8.1
- Adobe reader 8.1.1
- Adobe reader 8.1.2
- Adobe reader 8.1.2 Security Update 1
- Adobe reader 8.1.3
- Adobe reader 8.1.4
- Adobe reader 8.1.5
- Adobe reader 8.1.6
- Adobe reader 8.1.7
- Adobe reader 8.2
- Adobe reader 8.2.1
- Adobe reader 8.2.2
- Adobe reader 8.2.3
- Adobe reader 9
- Adobe reader 9.1
- Adobe reader 9.1.1
- Adobe reader 9.1.2
- Adobe reader 9.1.3
- Adobe reader 9.2
- Adobe reader 9.3
- Adobe reader 9.3.1
- Adobe reader 9.3.2
- Adobe reader 9.3.3
- Red_hat desktop_extras 4
- Red_hat enterprise_linux_as_extras 4
- Red_hat enterprise_linux_desktop_supplementary 5 Client
- Red_hat enterprise_linux_es_extras 4
- Red_hat enterprise_linux_extras 4
- Red_hat enterprise_linux_supplementary 5 Server
- Red_hat enterprise_linux_ws_extras 4
- Suse opensuse 11.1
- Suse opensuse 11.2
- Suse opensuse 11.3
- Suse suse_linux_enterprise_desktop 10 SP3
- Suse suse_linux_enterprise_desktop 11
- Suse suse_linux_enterprise_desktop 11 SP1
References